Ledger Hardware Wallets: Customer data published in hacker forum

If you use a Ledger hardware wallet, you must currently expect increased phishing attacks. This is because 1 million email addresses and 250,000 other Ledger data records have appeared on the Internet, which should not be public there.

Ledger is on the alert again and warns urgently against phishing attempts via Twitter. The reason: A huge database has been put online at Raidforums, which probably belongs to Ledger. Ledger itself admits this and also knows that Raidforums is a collection point for data that can help cyber criminals. The talk is of more than 1 million email addresses of Ledger’s customers and more than 250,000 profiles where phone number, home address and names are also now public. This allows phishing attacks to be customized and used to try to obtain passwords and the recovery phrase of Ledger hardware wallets.

Phishing attacks on Ledger – what to do?

Ledger has set up a website to describe countermeasures to phishing. First and most important rule: Recovery Phrase for your Ledger Nano S or Nano X must not be shared with others under any circumstances, it is your crucial security key. Email or phone requests for the recovery phrase or parts of it are sure signs that someone is trying to take control of your hardware wallet.

Other current attack models: You receive messages in which Ledger supposedly warns you about deactivating your hardware wallet or asks you to reload software. Again, it all boils down to criminals trying to trick you into making unintended transactions and/or revealing your passwords. Ledger encourages you to report phishing attempts. A good 170 websites from which phishing originated have already been shut down.

Background to the Ledger Leak

At the beginning of August, Ledger had to admit that customer data had been hacked. According to reports at the time, the database for customer contacts was involved. Most recently in October, phishing attempts accumulated at Ledger, which were associated with the leak from the summer. But only now, apparently, is the entire Ledger leak easily accessible. Surprisingly, the number of lost records is higher than initially stated by Ledger.

Conclusion: image damage for Ledger

Once again, as long as you keep the recovery phrase for your Ledger NanoS or Nano X under sole control, your hardware wallet will continue to be safe. Be extremely suspicious of any alleged emails from Ledger or other contact. Ledger itself, meanwhile, must be prepared for a loss of trust. Remember: Hardware wallets should always be ordered directly from the manufacturer to be sure that they have not been compromised by strangers as soon as they are put into operation.

Wer noch keine Bitcoins hat kann diese hier kaufen: 

Be the first to comment

Leave a Reply

Your email address will not be published.